Java tutorial
// Copyright 2016 The Nomulus Authors. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package google.registry.util; import static com.google.common.base.Preconditions.checkArgument; import com.google.common.collect.AbstractSequentialIterator; import com.google.common.net.InetAddresses; import java.io.Serializable; import java.net.InetAddress; import java.net.UnknownHostException; import java.util.Arrays; import java.util.Iterator; import java.util.logging.Logger; import javax.annotation.Nullable; /** * Class representing an RFC 1519 CIDR IP address block. * * <p>When creating a CidrAddressBlock from an IP string literal * without a specified CIDR netmask (i.e. no trailing "/16" or "/64") * or an InetAddress with an accompanying integer netmask, then the * maximum length netmask for the address famiy of the specified * address is used (i.e. 32 for IPv4, 128 for IPv6). I.e. "1.2.3.4" * is automatically treated as "1.2.3.4/32" and, similarly, * "2001:db8::1" is automatically treated as "2001:db8::1/128". * */ // TODO(b/21870796): Migrate to Guava version when this is open-sourced. public class CidrAddressBlock implements Iterable<InetAddress>, Serializable { private static final Logger logger = Logger.getLogger(CidrAddressBlock.class.getName()); private final InetAddress ip; /** * The number of block or mask bits needed to create the address block * (starting from the most-significant side of the address). */ private final int netmask; /** * Attempts to parse the given String into a CIDR block. * * <p>If the string is an IP string literal without a specified * CIDR netmask (i.e. no trailing "/16" or "/64") then the maximum * length netmask for the address famiy of the specified address is * used (i.e. 32 for IPv4, 128 for IPv6). * * <p>The specified IP address portion must be properly truncated * (i.e. all the host bits must be zero) or the input is considered * malformed. For example, "1.2.3.0/24" is accepted but "1.2.3.4/24" * is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas * "2001:db8::1/32" is not. * * <p>If inputs might not be properly truncated but would be acceptable * to the application consider constructing a {@code CidrAddressBlock} * via {@code create()}. * * @param s a String of the form "217.68.0.0/16" or "2001:db8::/32". * * @throws IllegalArgumentException if s is malformed or does not * represent a valid CIDR block. */ public CidrAddressBlock(String s) { this(parseInetAddress(s), parseNetmask(s), false); } /** * Attempts to parse the given String and int into a CIDR block. * * <p>The specified IP address portion must be properly truncated * (i.e. all the host bits must be zero) or the input is considered * malformed. For example, "1.2.3.0/24" is accepted but "1.2.3.4/24" * is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas * "2001:db8::1/32" is not. * * <p>An IP address without a netmask will automatically have the * maximum applicable netmask for its address family. I.e. "1.2.3.4" * is automatically treated as "1.2.3.4/32", and "2001:db8::1" is * automatically treated as "2001:db8::1/128". * * <p>If inputs might not be properly truncated but would be acceptable * to the application consider constructing a {@code CidrAddressBlock} * via {@code create()}. * * @param ip a String of the form "217.68.0.0" or "2001:db8::". * @param netmask an int between 0 and 32 (for IPv4) or 128 (for IPv6). * This is the number of bits, starting from the big end of the IP, * that will be used for network bits (as opposed to host bits) * in this CIDR block. * * @throws IllegalArgumentException if the params are malformed or do not * represent a valid CIDR block. */ public CidrAddressBlock(String ip, int netmask) { this(InetAddresses.forString(ip), checkNotNegative(netmask), false); } public CidrAddressBlock(InetAddress ip) { this(ip, AUTO_NETMASK, false); } public CidrAddressBlock(InetAddress ip, int netmask) { this(ip, checkNotNegative(netmask), false); } /** * Attempts to construct a CIDR block from the IP address and netmask, * truncating the IP address as required. * * <p>The specified IP address portion need not be properly truncated * (i.e. all the host bits need not be zero); truncation will be silently * performed. For example, "1.2.3.4/24" is accepted and returns the * same {@code CidrAddressBlock} as "1.2.3.0/24". Similarly, for IPv6, * "2001:db8::1/32" is accepted and returns the same * {@code CidrAddressBlock} as "2001:db8::/32". * * @param ip {@link InetAddress}, possibly requiring truncation. * @param netmask an int between 0 and 32 (for IPv4) or 128 (for IPv6). * This is the number of bits, starting from the big end of the IP, * that will be used for network bits (as opposed to host bits) * when truncating the supplied {@link InetAddress}. * * @throws IllegalArgumentException if the params are malformed or do not * represent a valid CIDR block. * @throws NullPointerException if a parameter is null. */ public static CidrAddressBlock create(InetAddress ip, int netmask) { return new CidrAddressBlock(ip, checkNotNegative(netmask), true); } /** * Attempts to construct a CIDR block from the IP address and netmask * expressed as a String, truncating the IP address as required. * * <p>The specified IP address portion need not be properly truncated * (i.e. all the host bits need not be zero); truncation will be silently * performed. For example, "1.2.3.4/24" is accepted and returns the * same {@code CidrAddressBlock} as "1.2.3.0/24". Similarly, for IPv6, * "2001:db8::1/32" is accepted and returns the same * {@code CidrAddressBlock} as "2001:db8::/32". * * @param s {@code String} representing either a single IP address or * a CIDR netblock, possibly requiring truncation. * * @throws IllegalArgumentException if the params are malformed or do not * represent a valid CIDR block. * @throws NullPointerException if a parameter is null. */ public static CidrAddressBlock create(String s) { return new CidrAddressBlock(parseInetAddress(s), parseNetmask(s), true); } private static final int AUTO_NETMASK = -1; /** * The universal constructor. All public constructors should lead here. * * @param ip {@link InetAddress}, possibly requiring truncation. * @param netmask the number of prefix bits to include in the netmask. * This is between 0 and 32 (for IPv4) or 128 (for IPv6). * The special value {@code AUTO_NETMASK} indicates that the CIDR block * should cover exactly one IP address. * @param truncate controls the behavior when an address has extra trailing * bits. If true, these bits are silently truncated, otherwise this * triggers an exception. * * @throws IllegalArgumentException if netmask is out of range, or ip has * unexpected trailing bits. * @throws NullPointerException if a parameter is null. */ private CidrAddressBlock(InetAddress ip, int netmask, boolean truncate) { // A single IP address is always truncated, by definition. if (netmask == AUTO_NETMASK) { this.ip = ip; this.netmask = ip.getAddress().length * 8; return; } // Determine the truncated form of this CIDR block. InetAddress truncatedIp = applyNetmask(ip, netmask); // If we're not truncating silently, then check for trailing bits. if (!truncate && !truncatedIp.equals(ip)) { throw new IllegalArgumentException("CIDR block: " + getCidrString(ip, netmask) + " is not properly truncated, should have been: " + getCidrString(truncatedIp, netmask)); } this.ip = truncatedIp; this.netmask = netmask; } private static String getCidrString(InetAddress ip, int netmask) { return ip.getHostAddress() + "/" + netmask; } /** * Attempts to parse an {@link InetAddress} prefix from the given String. * * @param s a String of the form "217.68.0.0/16" or "2001:db8::/32". * * @throws IllegalArgumentException if s does not begin with an IP address. */ private static InetAddress parseInetAddress(String s) { int slash = s.indexOf('/'); return InetAddresses.forString((slash < 0) ? s : s.substring(0, slash)); } /** * Attempts to parse a netmask from the given String. * * <p>If the string does not end with a "/xx" suffix, then return AUTO_NETMASK * and let the constructor handle it. Otherwise, we only verify that the * suffix is a well-formed nonnegative integer. * * @param s a String of the form "217.68.0.0/16" or "2001:db8::/32". * * @throws IllegalArgumentException if s is malformed or does not end with a * valid nonnegative integer. */ private static int parseNetmask(String s) { int slash = s.indexOf('/'); if (slash < 0) { return AUTO_NETMASK; } try { return checkNotNegative(Integer.parseInt(s.substring(slash + 1))); } catch (NumberFormatException nfe) { throw new IllegalArgumentException("Invalid netmask: " + s.substring(slash + 1)); } } private static int checkNotNegative(int netmask) { checkArgument(netmask >= 0, "CIDR netmask '%s' must not be negative.", netmask); return netmask; } private static InetAddress applyNetmask(InetAddress ip, int netmask) { byte[] bytes = ip.getAddress(); checkArgument((netmask >= 0) && (netmask <= (bytes.length * 8)), "CIDR netmask '%s' is out of range: 0 <= netmask <= %s.", netmask, (bytes.length * 8)); // The byte in which the CIDR boundary falls. int cidrByte = (netmask == 0) ? 0 : ((netmask - 1) / 8); // The number of mask bits within this byte. int numBits = netmask - (cidrByte * 8); // The bitmask for this byte. int bitMask = (-1 << (8 - numBits)); // Truncate the byte in which the CIDR boundary falls. bytes[cidrByte] = (byte) (bytes[cidrByte] & bitMask); // All bytes following the cidrByte get zeroed. for (int i = cidrByte + 1; i < bytes.length; ++i) { bytes[i] = 0; } try { return InetAddress.getByAddress(bytes); } catch (UnknownHostException uhe) { throw new IllegalArgumentException( String.format("Error creating InetAddress from byte array '%s'.", Arrays.toString(bytes)), uhe); } } /** * @return the standard {@code String} representation of the IP portion * of this CIDR block (a.b.c.d, or a:b:c::d) * * <p>NOTE: This is not reliable for comparison operations. It is * more reliable to normalize strings into {@link InetAddress}s and * then compare. * * <p>Consider: * <ul> * <li>{@code "10.11.12.0"} is equivalent to {@code "10.11.12.000"} * <li>{@code "2001:db8::"} is equivalent to * {@code "2001:0DB8:0000:0000:0000:0000:0000:0000"} * </ul> */ public String getIp() { return ip.getHostAddress(); } public InetAddress getInetAddress() { return ip; } /** * Returns the number of leading bits (prefix size) of the routing prefix. */ public int getNetmask() { return netmask; } /** * Returns {@code true} if the supplied {@link InetAddress} is within * this {@code CidrAddressBlock}, {@code false} otherwise. * * <p>This can be used to test if the argument falls within a well-known * network range, a la GoogleIp's isGoogleIp(), isChinaIp(), et alia. * * @param ipAddr {@link InetAddress} to evaluate. * @return {@code true} if {@code ipAddr} is logically within this block, * {@code false} otherwise. */ public boolean contains(@Nullable InetAddress ipAddr) { if (ipAddr == null) { return false; } // IPv4 CIDR netblocks can never contain IPv6 addresses, and vice versa. // Calling getClass() is safe because the Inet4Address and Inet6Address // classes are final. if (ipAddr.getClass() != ip.getClass()) { return false; } try { return ip.equals(applyNetmask(ipAddr, netmask)); } catch (IllegalArgumentException iae) { // Something has gone very wrong. This CidrAddressBlock should // not have been created with an invalid netmask and a valid // netmask should have been successfully applied to "ipAddr" as long // as it represents an address of the same family as "this.ip". logger.warning(iae.getMessage()); return false; } } /** * Returns {@code true} if the supplied {@code CidrAddressBlock} is within * this {@code CidrAddressBlock}, {@code false} otherwise. * * <p>This can be used to test if the argument falls within a well-known * network range, a la GoogleIp's isGoogleIp(), isChinaIp(), et alia. * * @param cidr {@code CidrAddressBlock} to evaluate. * @return {@code true} if {@code cidr} is logically within this block, * {@code false} otherwise. */ public boolean contains(@Nullable CidrAddressBlock cidr) { if (cidr == null) { return false; } if (cidr.netmask < netmask) { // No block can contain a network larger than it // (in CIDR larger blocks have smaller netmasks). return false; } return contains(cidr.getInetAddress()); } /** * Returns {@code true} if the supplied {@code String} is within * this {@code CidrAddressBlock}, {@code false} otherwise. * * <p>This can be used to test if the argument falls within a well-known * network range, a la GoogleIp's isGoogleIp(), isChinaIp(), et alia. * * @param s {@code String} to evaluate. * @return {@code true} if {@code s} is logically within this block, * {@code false} otherwise. */ public boolean contains(@Nullable String s) { if (s == null) { return false; } try { return contains(create(s)); } catch (IllegalArgumentException iae) { return false; } } /** * Returns the address that is contained in this {@code CidrAddressBlock} * with the most bits set. * * <p>This can be used to calculate the upper bound address of the address * range for this {@code CidrAddressBlock}. */ public InetAddress getAllOnesAddress() { byte[] bytes = ip.getAddress(); // The byte in which the CIDR boundary falls. int cidrByte = (netmask == 0) ? 0 : ((netmask - 1) / 8); // The number of mask bits within this byte. int numBits = netmask - (cidrByte * 8); // The bitmask for this byte. int bitMask = ~(-1 << (8 - numBits)); // Set all non-prefix bits where the CIDR boundary falls. bytes[cidrByte] = (byte) (bytes[cidrByte] | bitMask); // All bytes following the cidrByte get set to all ones. for (int i = cidrByte + 1; i < bytes.length; ++i) { bytes[i] = (byte) 0xff; } try { return InetAddress.getByAddress(bytes); } catch (UnknownHostException uhe) { throw new IllegalArgumentException( String.format("Error creating InetAddress from byte array '%s'.", Arrays.toString(bytes)), uhe); } } @Override public Iterator<InetAddress> iterator() { return new AbstractSequentialIterator<InetAddress>(ip) { @Override protected InetAddress computeNext(InetAddress previous) { if (InetAddresses.isMaximum(previous)) { return null; } InetAddress next = InetAddresses.increment(previous); return (contains(next)) ? next : null; } }; } @Override public int hashCode() { return InetAddresses.coerceToInteger(ip); } @Override public boolean equals(@Nullable Object o) { if (!(o instanceof CidrAddressBlock)) { return false; } CidrAddressBlock cidr = (CidrAddressBlock) o; return ip.equals(cidr.ip) && (netmask == cidr.netmask); } @Override public String toString() { return getCidrString(ip, netmask); } }